No news is good news for the Veterans Affairs Department. VA Chief Information Officer Roger Baker described the latest report to Congress as "boring compared to the last couple," during a Jan. 28 call with reporters. This month's report only included 10 incidents, with minimal impact.

The VA delivers monthly reports to Congress on data breach incidents, and the most recent report, spanning from Nov. 29, 2010 to Jan. 2, 2011, is fairly uneventful. That's good news for an agency that has had to report some major security incidents over the past year.

"Some of this stuff is not real fun and sometimes falls into the category of stupid human tricks," said Baker. "But it is what it is, and it's what's going on in side the VA."

Even when the reports aren't pleasant to deliver, Baker said he's proud of "an organizational culture that encourages reporting privacy issues."  He's also happy with the performance of the VA's independent data breach report team, and the level of transparency at VA.

Baker said the reporting requirement has helped VA take a more strategic look at IT security. He added that he hopes to continue the reports even as data incidents at the agency are declining.

"I like the fact that it helps us with our transparency and our trust with veterans and with the Hill," said Baker. "We're reporting everything."

For more:
- see the VA incident report (.pdf)
- listen to the Jan. 28 press call

Related Articles:
Audio: VA CIO Roger Baker's January IT report
Cloud technology, smaller electronic devices present security challenges at VA 
Audio: VA CIO Roger Baker's December IT report 
VA establishes six IT 'design principles' 
Q&A: Roger Baker on the future of VistA and VLER